summaryrefslogtreecommitdiffstats
path: root/dehydrated/bin/dehydrated-nsupdate
diff options
context:
space:
mode:
Diffstat (limited to 'dehydrated/bin/dehydrated-nsupdate')
-rwxr-xr-xdehydrated/bin/dehydrated-nsupdate92
1 files changed, 92 insertions, 0 deletions
diff --git a/dehydrated/bin/dehydrated-nsupdate b/dehydrated/bin/dehydrated-nsupdate
new file mode 100755
index 0000000..f901d2e
--- /dev/null
+++ b/dehydrated/bin/dehydrated-nsupdate
@@ -0,0 +1,92 @@
+#!/bin/sh
+
+set -e
+
+HOOK="$(basename "${0}")"
+HOOK_ACTION="$(echo "${HOOK}" | awk -F. '{ print $1 }')"
+
+# set nsupdate action
+case "${HOOK}" in
+ clean_challenge.*)
+ HOOK_ACTION="delete"
+ ;;
+
+ deploy_challenge.*)
+ HOOK_ACTION="add"
+ ;;
+
+ *)
+ echo "'${HOOK}': no such hook action '${HOOK_ACTION}'" >&2
+ echo "'${HOOK}': use 'clean_challenge.' or 'deploy_challenge.' as prefix in your symlink" >&2
+ exit 1
+ ;;
+esac
+
+# alternatives handling for dig
+if command -v kdig > /dev/null 2>&1
+then
+ # knot-dnsutils
+ DIG="kdig"
+elif command -v dig > /dev/null 2>&1
+then
+ # bind-dnsutils
+ DIG="dig"
+else
+ echo "'${HOOK}': need dig from bind-dnsutils or knot-dnsutils" >&2
+ exit 1
+fi
+
+# alternatives handling for nsupdate
+if command -v knsupdate > /dev/null 2>&1
+then
+ # knot-dnsutils
+ NSUPDATE="knsupdate"
+elif command -v nsupdate > /dev/null 2>&1
+then
+ # bind-dnsutils
+ NSUPDATE="nsupdate"
+else
+ echo "'${HOOK}': need nsupdate from bind-dnsutils or knot-dnsutils" >&2
+ exit 1
+fi
+
+# find txt record to update
+CNAME="$(${DIG} "_acme-challenge.${DOMAIN}" 2>&1 | awk '/CNAME/ { print $5 }' | tail -n1)"
+
+if [ -n "${CNAME}" ]
+then
+ UPDATE_DOMAIN="${CNAME}"
+else
+ UPDATE_DOMAIN="_acme-challenge.${DOMAIN}"
+fi
+
+# find nameservers to update
+ZONE="${UPDATE_DOMAIN}"
+
+while true
+do
+ NAMESERVERS="$(${DIG} NS "${ZONE}" 2>&1 | awk '/NS/ { print $5 }' | tail -n1)"
+
+ if [ -n "${NAMESERVERS}" ]
+ then
+ break
+ else
+ ZONE="$(echo "${ZONE}" | cut -d '.' -f 2-)"
+ fi
+done
+
+NAMESERVERS="$(${DIG} +short NS "${ZONE}")"
+
+# update nameservers
+for NAMESERVER in ${NAMESERVERS}
+do
+ echo -n " + Adding TXT record (${UPDATE_DOMAIN})..."
+
+echo "server ${NAMESERVER}
+zone ${ZONE}
+ttl 0
+update ${HOOK_ACTION} ${UPDATE_DOMAIN} 0 TXT ${TOKEN_VALUE}
+send" | "${NSUPDATE}"
+
+ echo " done."
+done
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-07 06:40:53 +0000